Romhacking => ROM Hacking Discussion => Topic started by: Infrid on September 06, 2017, 09:13:41 am

Title: [psx] debug a crash by setting a breakpoint on cd-rom read
Post by: Infrid on September 06, 2017, 09:13:41 am

I am working on a fan translation for the game ace combat 3 and I would explain few issues and find the best solution with your help.

The game stores the text as images in TIM files and it's pretty easy to edit them, but those images are stored in a big container. The files involved are ACE.BPB for storing the actual files, aligned to the sector, and ACE.BPH for the information about the positions in the disk.

We have a tool that reads those 2 files ( and unpack the content, many files are compressed in a custom ulz format and I manage to work on those files. There is also a tool for pack and rebuild the BPB and BPH (

The TIMs are compressed in lz77 and I wrote a compressor/decompressor for that (, the algorithm is working for me, at least the decompressor. I can see all the game content.

I would translate the game menu, there is a file for that compressed in ulz at some offset of ACE.BPB, with psxfin (maybe I should use no$psx) I set a breakpoint for write into the RAM at a specific address and I can see the decompressor algorithm working.

I edited the menu file, I compress it and build the BPB and BPH. The game crashes reading my changed file and I don't understand why, clearly it could be a problem of my compressor but I can't see the decompressor algorithm with the same breakpoint.

I looked inside the executable with a disassembler in order to find the uncompress routine but I cannot see the part where the game reads the ulz's header. I suspect I made a mistake there, in fact if I don't compress the file, the game reads it anyway (at cost of loading speed).

I read the docs on how the console is supposed to control the cd-rom, it stores some values in a memory address and fires an interrupt for reading a sector but I have few problems.

- Get the exact sector where my file is stored
- Set a breakpoint with the emulator

For the first, I could change the unpacker and have an idea where the file is store, but it doesn't seems a nice way to do it, do you know a better technique?

For the breakpoint, is there an emulator where I can set a breakpoint to a sector regardless the way how the psx read it? It could use few API calls and I would avoid to set a breakpoint to a DMA, I could need to investigate for other files in the feature and it would be nice to have a smoother workflow.

Title: Re: [psx] debug a crash by setting a breakpoint on cd-rom read
Post by: STARWIN on September 07, 2017, 07:56:41 am
You can search the cd image for a unique byte sequence in the file to get an offset that represents it. Then, assuming a 2352 bytes per sector image, divide the offset by 2352 to get the sector where that specific part of the file is located in.

I don't recall seeing anything especially useful for a cd read breakpoint in an old version of no$psx.

However, unless I missed something or the program structure is difficult, I would backtrack the program execution from that known decompressor working break. Or use exec breakpoints around there if you didn't do that yet. I take that the decompression algo isn't used in the problem case? But regardless, exec breakpoints either there or in a backtracked location.
Title: Re: [psx] debug a crash by setting a breakpoint on cd-rom read
Post by: Infrid on September 11, 2017, 03:29:25 am
Thanks, I had some spare time and try to get the sector, with an hex editor that opens disks I can easy see the sector I am looking for. I also did a bit of math just to double check.

This special version of pcsx ( can set a breakpoint to any disc sectors, but for some reason the debugger is not fired when the game is supposed to read that part of the disc.

I have double check the correct sector